I was at the computer science lab today to transfer my research data and files from DVD to my USB flash memory stick because I forgot to bring my laptop. I hate going into the lab because it is always so packed in there, as everyone is using the workstations to do their homework. The computer science lab is sort of a weird place because you would think you would see people that had thick glasses and pocket protectors and smelt like B.O., but here the majority of the students are women, and most of them look like they just stepped out from a fashion set in London or New York. The stereotype of the computer geek has changed—well for me anyway.
At the end of the lab there were about twenty students listening to a lecture, and up on the screen was a PowerPoint presentation slide with the title, “Worms, Viruses and Trojans.” Kind of a luring title for someone like myself who studies computer forensics. The person giving the lecture was going over some of the code that they had analysed from two servers they found to be infected. They called the Worm “Conficker C,” and said that it had a set-off date of April 1st, 2009. Hey, that’s this coming Wednesday!
The Worm seems to be set to sit dormant until April 1st; then, once started, it could start communicating back to whomever by sending spam or keystrokes, or cause any number of security issues involving your data or activities on your PC.
Not one person in the room seemed to be panicking about this. I asked one of the lab assistants what they thought of the latest PC viruses, and she corrected me by saying that only Microsoft systems without adequate updates are vulnerable. These updates are issued once every month, and once you have the software installed you get six months of free updates. She said the Conficker C Worm seems to be able to close, or shut off, the firewall, and counteract some security updates… self-defeating updates perhaps?
I said, “You have to pay for them…?”
She said, “Yes. Updating costs money for the lab technicians who spend more time catching up on what is out there than reinforcing existing networks. It is a real challenge to keep on top, and staying current.”
I wondered why Microsoft doesn’t do daily updates for free? I mean, if they want to keep their product “hassle free and properly secure,” then why not have the operating system constantly updated? But then I remembered that there are hundreds of problems for them in doing this, one being how many users are still using older versions that no longer have updates. And then there is the fact that “free” does not work under a corporate model where someone has to be paid for doing the work.
So now I wave the Open Source flag with some facts about our little corner of the universe.
Fact 1. Linux machines work on the principle of never running at the administrator’s level for normal use. In other words, normal operations are done at the user’s level, so programs are never installed without your input.
Fact 2. Because of working at the “user’s” level, all software, files and hacks need permission to be activated. Even scripts from the update manager need permission.
Fact 3. 90 percent of the world’s computers are not Linux-based, so it would not be worth someone’s time to write a worm, virus or trojan for a handful of systems when the mother lode belongs to Mac and Microsoft users.
Fact 4. All major flavours of Unix systems are updated on a daily basis, and this is done for free—no strings attached. This is perhaps the main reason why many who run Unix-based systems are very confident that these systems will remain the safest of all PCs and servers in the cyber world.
The buzz has finally started in the media as the known start-up date of the Worm approaches. CBC reported today that, “[t]here are other worms crawling the internet, but this one has made headlines in recent weeks because the latest variant of the worm, Conficker C, which was noticed in early March, is expected to launch some sort of attack on April 1, 2009 (it will check the date on a number of internet sites, so changing the date on the computer itself isn’t a safeguard)” (CBC, March 2009). And a plea from Microsoft came in the form of a $250,000.00 US bounty to catch the person or people who did this.
So I’m going to keep my eye on the net and see what happens when this chaos starts on Wednesday. I’m going to check Google and see if there has been a huge increase in bandwidth around the world if this Worm does its stuff. My advice for you who are worried about this sort of stuff would be to apply some “Window Cleaner” to your system and try something different. Pun intended.
Source: CBC, FAQ: Conficker Worm.